Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AD3231357446A73B0663E7D592375F2F32E98289F8230A4082FD87CD5BCEE89ED21645 |
|
CONTENT
ssdeep
|
192:RHAGHbZx8DT0Y+0B5x3PXOf1lvHdERYIlczPm27rLExgS/zBdlzL2bMaz+lNBGe:PFERB5wt5nEAMaSlNUe |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eccc93936592936a |
|
VISUAL
aHash
|
fbf1f1f1f1ffc381 |
|
VISUAL
dHash
|
6327272727432b23 |
|
VISUAL
wHash
|
f191d1f1f1f38181 |
|
VISUAL
colorHash
|
06006000000 |
|
VISUAL
cropResistant
|
6327272727432b23,4d49614959794b7d,141e1a141484c5e3,24242c2e24246456,5070ca2d5d4d2d39 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 189 techniques to evade detection by security scanners and make reverse engineering more difficult.